A new variant of the dangerous Bugbear virus is on the loose and has begun spreading rapidly. Bugbear.B is quite similar to the original virus except that the new version contains a keystroke logger and is capable of changing its appearance to evade detection.
As of about 4 p.m. EDT Thursday, MessageLabs had stopped more than 55,000 copies of the new strain of Bugbear, which is infecting about one in every 200 pieces of e-mail, according to the company's statistics.
The fast-moving Bugbear.B virus continued to spread Thursday afternoon, but most of the damage has been done outside the United States. England and Italy have been the hardest hit so far, according to statistics compiled by New York-based e-mail security provider MessageLabs Inc.
Anti-virus experts say the infection method and behavior of the virus should come as no surprise. And yet, users continue to open the infected attachments, wreaking havoc on corporate mail servers and networks. “We can stop looking for worms of mass disruption—Bugbear.B is it. The original Bugbear was amongst leading disrupters of business activity in 2002, and Bugbear.B is poised to follow in its footsteps,” said Brad Meehan, director of product management, eTrust Threat Management Solutions, at Computer Associates International Inc., in Islandia, N.Y.
The virus first showed up on the Internet Wednesday, and anti-virus companies say that it has been infecting PCs at an alarming rate. MessageLabs Inc., a New York-based e-mail security company, has stopped more than 17,000 copies of the virus since last night.
Bugbear.B is the second virus to make waves this week, following in the footsteps of Sobig.C, which hit the Internet on Monday.
Bugbear.B is a typical mass-mailing virus, containing its own SMTP engine. The sending address and subject line on the virus-infected e-mails vary widely and appear to be random.
Bugbear.B is capable of spoofing addresses in several domains, some of which belong to high-profile companies such as Microsoft Corp. and several financial concerns.
The attachment containing the virus also has a random name, but is always 73.728 kb and has either a .pif, .exe or .scr file extension. The text in the e-mail message varies, as well.
Once resident on a PC, the virus creates a file that stores all of the keystrokes typed on the infected machine. Bugbear.B is also capable of disabling several kinds of anti-virus software and personal firewalls.
Network Associates Inc.'s McAfee Security unit has classified Bugbear.B as a high risk.